Back to skill
Skillv0.4.1
Static analysis security
Clawlett · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 30, 2026, 4:58 AM
- Summary
- Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
- Reason codes
- suspicious.env_credential_accesssuspicious.potential_exfiltration
- Engine
- v2.4.5
Evidence
criticalscripts/cow.js:250
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/initialize.js:29
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/swap.js:154
Environment variable access combined with network send.
suspicious.env_credential_access
criticalscripts/trenches.js:44
Environment variable access combined with network send.
suspicious.env_credential_access
warnscripts/cow.js:241
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/initialize.js:182
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/swap.js:145
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration
warnscripts/trenches.js:88
File read combined with network send (possible exfiltration).
suspicious.potential_exfiltration